author | bbergeron <[email protected]> | 2024-04-29 18:53:03 -0400 |
---|---|---|
committer | bbergeron <[email protected]> | 2024-04-29 18:53:03 -0400 |
commit | df3d81128887209e083218bf1e3942d13df2e57e (patch) | |
tree | b2e98b7febfc7769ca1b34fe3ca3f5a978032520 /mntrun.1 |
Diffstat (limited to 'mntrun.1')
-rw-r--r-- | mntrun.1 | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/mntrun.1 b/mntrun.1 new file mode 100644 index 0000000..b908c50 --- /dev/null +++ b/mntrun.1 @@ -0,0 +1,65 @@ +.TH USERMNT 1 mntrun\-VERSION +.SH NAME +mntrun \- mounts binds and overlays inside an ephemeral mount namespace, and runs a command in it +.SH SYNOPSIS +.B mntrun +.RB [ \-dhv ] +.RB [ \-b +.IR "source dest" ] +.RB [[ \-o | \-m ] +.IR "lower upper workdir mountpoint" ] +.IR command +.SH DESCRIPTION +Exploits SUID to allow regular users to create overlays and binds mounts inside an ephemeral namespace, and to run +.I command +inside this new namespace. mntrun prints to stderr whenever an error occurs, but errors concerning mounts are better diagnosed using +.BR dmesg (1). +.TP +These switches are mutually exclusive and must come right after 'mntrun': +.TP +.B \-d +Enable debug logs. +.TP +.B \-h +Display usage and quit. +.TP +.B \-v +Display version and quit. +.TP +The following mount directives can appear several times: +.TP +.BI \-b " source dest" +Bind: binds +.I source +to +.IR dest . +This directive will fail if the current user does't have the permission to write to +.IR dest . +.TP +.BI \-o " lowers upper workdir mountpoint" +Overlay: overlays +.IR lowers , +a colon-separated list of read-only directories, and a writable directory +.IR upper +onto +.IR mountpoint , +using +.I workdir +as the working directory. This directive will fail if the current user doesn't have the permission to write to upper, workdir or mountpoint . +.TP +.BI \-m " lowers upper workir mountpoint" +Merge: like +.BR \-o , +but +.I mountpoint +is prepended to +.IR lowers . +.TP +As mentioned, mntrun must belong to root and have SUID permission to work for regular users. + +.SH AUTHORS +B. Bergeron <[email protected]> + +.SH SEE ALSO +.BR mount (8), +.BR dmesg (1) |
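Review bot: DESCRIPTION does not say which identity command runs as, and for a SUID-root tool the man page should. The text says mntrun "Exploits SUID" and "must belong to root and have SUID permission", but nowhere states whether privileges are dropped back to the invoking user before command is executed; add a sentence that says so explicitly. The permission rules are also documented only for the write side (dest for -b; upper, workdir and mountpoint for -o). State what access the caller needs on source and on each entry of lowers as well, so a reader can tell which paths a regular user is allowed to bring into the namespace. Smaller points: ".TH USERMNT" does not match the name mntrun used everywhere else. SYNOPSIS shows "[-dhv]" as one combinable group while the text says the switches are mutually exclusive, and it uses "lower" where the option text uses "lowers". "does't" and "workir" are typos. The explanatory sentences placed directly after ".TP" (the two list introductions and the closing "As mentioned, ...") are set as tags rather than paragraphs and would read better under ".PP".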